Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1116f152 by Salvatore Bonaccorso at 2025-09-11T08:18:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,17 +105,17 @@ CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 
for android allows attac
 CVE-2025-56413 (OS Command injection vulnerability in function OperateSSH in 
1panel 2. ...)
        TODO: check
 CVE-2025-56407 (A vulnerability has been found in HuangDou UTCMS V9 and 
classified as  ...)
-       TODO: check
+       NOT-FOR-US: HuangDou UTCMS
 CVE-2025-56406 (An issue was discovered in mcp-neo4j 0.3.0 allowing attackers 
to gain  ...)
-       TODO: check
+       NOT-FOR-US: mcp-neo4j
 CVE-2025-56405 (An issue was discovered in litmusautomation litmus-mcp-server 
thru 0.0 ...)
-       TODO: check
+       NOT-FOR-US: litmusautomation litmus-mcp-server
 CVE-2025-56404 (An issue was discovered in MariaDB MCP 0.1.0 allowing 
attackers to gai ...)
-       TODO: check
+       NOT-FOR-US: MariaDB MCP
 CVE-2025-55976 (Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in 
plaintext via  ...)
        NOT-FOR-US: Intelbras
 CVE-2025-54376 (Hoverfly is an open source API simulation tool. In versions 
1.11.3 and ...)
-       TODO: check
+       NOT-FOR-US: Hoverfly
 CVE-2025-54260 (Substance3D - Modeler versions 1.22.2 and earlier are affected 
by an o ...)
        NOT-FOR-US: Adobe
 CVE-2025-54259 (Substance3D - Modeler versions 1.22.2 and earlier are affected 
by an I ...)
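Review bot: The tag `NOT-FOR-US: MariaDB MCP` on CVE-2025-56404 is easy to misread as concerning the MariaDB database when someone searches data/CVE/list for "MariaDB". The description names a separate product at version 0.1.0, so a qualifier in the tag (for example the upstream project or vendor name) would make it clear at a glance which software was ruled out.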
@@ -135,13 +135,13 @@ CVE-2025-54240 (After Effects versions 25.3, 24.6.7 and 
earlier are affected by
 CVE-2025-54239 (After Effects versions 25.3, 24.6.7 and earlier are affected 
by an out ...)
        NOT-FOR-US: Adobe
 CVE-2025-54123 (Hoverfly is an open source API simulation tool. In versions 
1.11.3 and ...)
-       TODO: check
+       NOT-FOR-US: Hoverfly
 CVE-2025-54084 (OS Command ('OS Command Injection') vulnerability in Calix 
GigaCenter  ...)
-       TODO: check
+       NOT-FOR-US: Calix
 CVE-2025-54083 (Insecure Storage of Sensitive Information vulnerability in 
Calix GigaC ...)
-       TODO: check
+       NOT-FOR-US: Calix
 CVE-2025-50892 (The eudskacs.sys driver version 20250328 shipped with EaseUs 
Todo Back ...)
-       TODO: check
+       NOT-FOR-US: EaseUs Todo Backup
 CVE-2025-49461 (Cross-site scripting in certain Zoom Workplace Clients may 
allow an un ...)
        NOT-FOR-US: Zoom
 CVE-2025-49460 (Uncontrolled resource consumption in certain Zoom Workplace 
Clients ma ...)
@@ -151,9 +151,9 @@ CVE-2025-49459 (Missing authorization in the installer for 
Zoom Workplace for Wi
 CVE-2025-49458 (Buffer overflow in certain Zoom Workplace Clients may allow an 
authent ...)
        NOT-FOR-US: Zoom
 CVE-2025-44595 (Halo v2.20.17 and before is vulnerable to Cross Site Scripting 
(XSS) i ...)
-       TODO: check
+       NOT-FOR-US: Halo
 CVE-2025-44593 (Halo prior to 2.20.13 allows bypassing file type detection and 
uploadi ...)
-       TODO: check
+       NOT-FOR-US: Halo
 CVE-2025-43938 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, 
Hyper-V co ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-43888 (Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 
19.20, c ...)
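Review bot: `NOT-FOR-US: Halo` on CVE-2025-44595 and CVE-2025-44593 uses a bare, generic product name, unlike the more specific tags elsewhere in this commit (e.g. `yanyutao0402 ChanCMS`, `AxxonSoft Axxon One`). Adding the vendor or a short descriptor of what Halo is would let a later triager confirm which project was meant without opening both CVE records.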
@@ -177,27 +177,27 @@ CVE-2025-43725 (Dell PowerProtect Data Manager, Generic 
Application Agent, versi
 CVE-2025-43491 (A vulnerability in the Poly Lens Desktop application running 
on the Wi ...)
        NOT-FOR-US: HP
 CVE-2025-41714 (The upload endpoint insufficiently validates the 'Upload-Key' 
request  ...)
-       TODO: check
+       NOT-FOR-US: SmartEMS Web Application
 CVE-2025-40979 (DLL search order hijacking vulnerability in the wave.exe 
executable fo ...)
        TODO: check
 CVE-2025-40725 (Reflected Cross-Site Scripting (XSS) vulnerability in Azon 
Dominator.  ...)
-       TODO: check
+       NOT-FOR-US: Azon Dominator
 CVE-2025-36759 (Through the provision of user names, SolaX Cloud will suggest 
(similar ...)
-       TODO: check
+       NOT-FOR-US: SolaX Cloud
 CVE-2025-36758 (It is possible to bypass the clipping level of authentication 
attempts ...)
-       TODO: check
+       NOT-FOR-US: SolaX Cloud
 CVE-2025-36757 (It is possible to bypass the administrator login screen on 
SolaX Cloud ...)
-       TODO: check
+       NOT-FOR-US: SolaX Cloud
 CVE-2025-36756 (A problem with missing authorization on SolaX Cloud platform 
allows ta ...)
-       TODO: check
+       NOT-FOR-US: SolaX Cloud
 CVE-2025-34178 (In pfSense CE/suricata/suricata_app_parsers.php, the value of 
the poli ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2025-34177 (In pfSense CE/suricata/suricata_flow_stream.php, the value of 
the poli ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2025-34176 (In pfSense CE/suricata/suricata_ip_reputation.php, the value 
of the ip ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2025-29592 (oasys v1.1 is vulnerable to Directory Traversal in 
ProcedureController ...)
-       TODO: check
+       NOT-FOR-US: oasys
 CVE-2025-23344 (The NVIDIA NVDebug tool contains a vulnerability that may 
allow an act ...)
        TODO: check
 CVE-2025-23343 (The NVIDIA NVDebug tool contains a vulnerability that may 
allow an act ...)
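Review bot: CVE-2025-34178, CVE-2025-34177 and CVE-2025-34176 are tagged only `NOT-FOR-US: pfSense`, while each description locates the flaw in a PHP file under `pfSense CE/suricata/`. Because the path contains "suricata", the tag should say so explicitly, e.g. `NOT-FOR-US: pfSense Suricata package`, so that a search for Suricata in the list shows these were reviewed and attributed to pfSense's own PHP pages. Separately, the visible description of CVE-2025-41714 names no product, so the `SmartEMS Web Application` tag cannot be checked against the line it annotates.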
@@ -211,23 +211,23 @@ CVE-2025-20248 (A vulnerability in the installation 
process of Cisco IOS XR Soft
 CVE-2025-20159 (A vulnerability in the management interface access control 
list (ACL)  ...)
        NOT-FOR-US: Cisco
 CVE-2025-10231 (An Incorrect File Handling Permission bug exists on the 
N-central Wind ...)
-       TODO: check
+       NOT-FOR-US: N-central
 CVE-2025-10227 (Missing Encryption of Sensitive Data (CWE-311) in the Object 
Archive c ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10226 (Dependency on Vulnerable Third-Party Component (CWE-1395) in 
the Postg ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10225 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10224 (Improper Authentication (CWE-287) in the LDAP authentication 
engine in ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10223 (Insufficient Session Expiration (CWE-613) in the Web Admin 
Panel in Ax ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10222 (Exposure of Sensitive Information to an Unauthorized Actor 
(CWE-200) i ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10221 (Insertion of Sensitive Information into Log File (CWE-532) in 
the ARP  ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10220 (Use of Unmaintained Third Party Components (CWE-1104) in the 
NuGet dep ...)
-       TODO: check
+       NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10219
        REJECTED
 CVE-2025-10215 (DLL search path hijacking vulnerability in the UPDF.exe 
executable for ...)
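Review bot: Two of the AxxonSoft entries are about bundled third-party code, not the vendor's own: CVE-2025-10226 ("Dependency on Vulnerable Third-Party Component (CWE-1395) in the Postg ...") and CVE-2025-10220 ("Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dep ..."). `NOT-FOR-US: AxxonSoft Axxon One` is reasonable for the bundling issue itself, but it would help to confirm that the underlying component flaws are tracked under their own CVE entries and to record that in a NOTE line, since the truncated descriptions here do not show which component versions are involved.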
@@ -237,15 +237,15 @@ CVE-2025-10214 (DLL search path hijacking vulnerability 
in the UPDF.exe executab
 CVE-2025-10213 (DLL search path hijacking vulnerability in the UPDF.exe 
executable for ...)
        TODO: check
 CVE-2025-10211 (A security vulnerability has been detected in yanyutao0402 
ChanCMS 3.3 ...)
-       TODO: check
+       NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-10210 (A weakness has been identified in yanyutao0402 ChanCMS up to 
3.3.0. Im ...)
-       TODO: check
+       NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-10209 (A security flaw has been discovered in Papermerge DMS up to 
3.5.3. Thi ...)
-       TODO: check
+       NOT-FOR-US: Papermerge DMS
 CVE-2025-10197 (A vulnerability was found in HJSoft HCM Human Resources 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: HJSoft HCM Human Resources Management System
 CVE-2025-10195 (A vulnerability has been found in Seismic App 2.4.2 on 
Android. Affect ...)
-       TODO: check
+       NOT-FOR-US: Seismic App
 CVE-2025-10172 (A flaw has been found in UTT 750W up to 3.2.2-191225. This 
issue affec ...)
        TODO: check
 CVE-2025-10171 (A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. 
This vu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1116f152933fef61500b688d74bf4fe10fee4b9f
